2 months ago
25
Coupang’s massive information breach successful South Korea has present go a geopolitical flashpoint arsenic a increasing fig of the company’s U.S. investors instrumentality ineligible enactment against the South Korean government.
What began arsenic a regulatory probe into information information failures has expanded into a broader quality implicit alleged unfair attraction of the U.S.-headquartered company.
While Coupang — which operates successful South Korea, Taiwan, and Japan — is often referred to arsenic the “Amazon of South Korea,” its worldwide office are really successful Seattle, Washington.
The company’s investors are present seeking planetary arbitration nether the Korea–U.S. Free Trade Agreement (FTA). On Jan 23, 2026, U.S. concern firms Greenoaks and Altimeter filed a notice with South Korea’s Ministry of Justice, saying they suffered losses from what they characterized arsenic the government’s discriminatory probe into the information breach. They said they program to prosecute investor–state quality colony (ISDS) arbitration nether the Korea–U.S. FTA.
South Korea’s Ministry of Justice said Thursday that 3 much investors including Abrams Capital, Durable Capital Partners, and Foxhaven Asset Management person present joined the case. They are alleging the authorities acted unlawfully toward the e-commerce company.
To recap the incident: In December, Coupang disclosed that astir 34 cardinal Korean customers’ idiosyncratic accusation had been leaked successful a information breach that had been going connected for much than 5 months. The breach progressive lawsuit names, email addresses, telephone numbers, shipping addresses, and definite bid histories, the institution said.
While different tech breaches successful Korea resulted successful little terrible penalties, Coupang has faced bonzer authorities pressure. The authorities reportedly threatened massive fines, suspension of operations, and travel bans for executives while, Coupang’s investors allege, trying to artifact nationalist communication and misrepresenting the breach.
Techcrunch event
Boston, MA | June 23, 2026
Korea’s Personal Information Protection Commission (PIPC) said that much than 30 cardinal Coupang accounts were exposed — but the facts constituent to conscionable 3,000 affected accounts, according to Coupang’s investors.
In December, South Korea’s authorities and the PIPC said the Coupang breach was superior capable to warrant higher fines. Under existent law, penalties are capped astatine 3% of revenue, much than $800 cardinal for Coupang, according to the U.S. investors, but immoderate lawmakers person projected raising the bounds to 10% and applying it retroactively.
Even if the caller instrumentality passes, it wouldn’t use to Coupang, since the breach occurred earlier the rules changed. But a Democratic Party lawmaker successful the state suggested imposing punitive fines, done either caller authorities oregon a peculiar parliamentary act, and PIPC backed the idea, per quality reports. South Korean President Lee Jae Myung besides publicly called for dense penalties, suggesting the institution had not faced capable consequences.
Based connected the notice of intent filing released by the investors’ ineligible advisor, the investors reason that the South Korean government’s actions represent an “unprecedented assault” connected Coupang. In the filing, they argue:
“The Government’s unprecedented battle connected a U.S. institution to payment its Korean and Chinese competitors is an egregious usurpation of the Treaty, principles of planetary law, and the historical concern betwixt Korea and the United States….. the Government’s shocking behaviour has near the U.S. investors with nary choice. If the Government does not instantly cease its attacks against Coupang, afloat reconstruct the company’s quality to run its business, and permanently extremity its longstanding run of favoritism against the company, past the U.S. investors volition beryllium forced to question billions of dollars successful damages from Korea to support their investments successful Coupang and remedy the Government’s ongoing Treaty violations, including attemped expropriation.”
The filing is simply a preliminary, pre-litigation step. South Korea’s Ministry of Justice is present reviewing the announcement of intent, which kicks disconnected a mandatory 90-day consultation period earlier ceremonial arbitration tin begin.
Coupang, Abrams Capital, and Foxhaven Asset Management did not respond to TechCrunch’s petition for comment. Durable Capital Partners could not beryllium reached.
According to the investors’ filing, South Korea’s handling of information breaches has been inconsistent, specifically citing different caller information breaches successful South Korea, including KakaoPay, SK Telecom, Upbit, and Alibaba’s AliExpress.
KakaoPay reportedly transferred 54 cardinal lawsuit records to Alipay Singapore, yet faced only a $10 cardinal fine and a CEO warning, portion SK Telecom was fined $91 million aft a monolithic SIM paper breach. Upbit and AliExpress besides saw minimal authorities action. The investors accidental these examples underscore the stark opposition with the government’s effect to Coupang.
South Korea’s Ministry of Science and ICT said Wednesday that the Coupang information breach was carried retired by a erstwhile worker who had worked connected the company’s authentication systems and was alert of vulnerabilities successful some the authentication model and cardinal absorption system.
The Ministry alleges that Coupang failed to study the breach to the Korea Internet & Security Agency (KISA) wrong 24 hours and did not afloat instrumentality a November 2025 information preservation order, starring to the deletion of cardinal web and app entree logs. The ministry has referred the substance to investigators and ordered Coupang to taxable a prevention program by February 2026, with compliance monitored done July.
Coupang released a statement, saying that the employee, a Chinese national, accessed information from implicit 33 cardinal accounts but retained lone astir 3,000 earlier deleting it, and that nary delicate info specified arsenic outgo data, passwords, oregon authorities IDs was accessed.
Coupang besides replaced its CEO, Dae-jun Park with Harold Rogers, its U.S. parent’s apical lawyer, in December.
Adam Farrar, elder subordinate astatine CSIS and elder geoeconomics expert for APAC astatine Bloomberg, said connected Tuesday’s Impossible State podcast that what began arsenic a large information breach involving Coupang has grown into a broader contented betwixt the United States and South Korea.
Farrar said that the lawsuit is amplifying broader U.S. claims of unfair attraction toward American exertion firms, raising commercialized and tariff risks for South Korea arsenic the U.S. Congress becomes progressively engaged.
“The monolithic information breach [by Coupang] led to a bid of investigations successful the National Assembly and immoderate precise combative backmost and distant with Coupang and a bid of executives implicit the past respective months,” Farrar said successful the podcast. “The further dynamic present is that Coupang, portion driving astir each of its net from Korea, is present a US-based institution that adds to the dynamic connected some sides, impacting however they’re perceived and seen.”
The contented extends beyond Coupang, raising broader questions astir whether South Korea is unfairly targeting U.S. companies, Farrar continued.
Critics constituent to integer policies they accidental favour home firms, including web usage fees connected contented providers similar Netflix, Apple’s App Store and Google Play outgo rules and information localization requirements that bounds services similar Google Maps connected nationalist information grounds.
English (US) ·